Applicant(s)
Art Unit: 2126



The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 10 June 2003.

2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1, 25, 26, 29-32, 35-38 and 41-58 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1, 25, 26, 29-32, 35-38 and 41-58 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) [ ] The proposed drawing correction filed on is: a) [ ] approved b) [ ] disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) [ ] The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§ 119 and 120

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) [ ] All b) [ ] Some* c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) [ ] The translation of the foreign language provisional application has been received.

15) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

Attachment(s)

1) [ ] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [X] Information Disclosure Statement(s) (PTO-1449) Paper No(s) 23, 25.
4) [ ] Interview Summary (PTO-413) Paper No(s). .
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other:



U.S. Patent and Trademark Office 
PTO-326 (Rev. 04-01) 



Office Action Summary 



Part of Paper No. 27 





Application/Control Number: 09/235,158 
Art Unit: 2126 






Claim Rejections - 35 USC § 103 



1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 25, 26, 29-32, 35-38, and 41-58 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over "Java Card 2.0 Programming Concepts" by SUN. 

As to claim 1, SUN teaches a small footprint device (java card / smart card)
comprising: at least one processing element (virtual machine / operating system 
process) (pg. 3, Lifetime of the Virtual Machine) configured to execute groups of 
program modules (applets) in separate contexts (pg. 7, "...applets are isolated from 
each other." Pg. 2, "Each applet is an independent entity with its own state and 
functionality."), objects of a program module (objects instantiated by an applet) 
associated with a particular context (pg. 3, "Every object on the card is owned by the 
applet which instantiated it. The owning applet always has full privileges to use and 
modify the object."); and a context barrier (applet firewall) for separating and isolating 
the contexts (pg. 7, "To create a secure and trusted environment, applets are isolated 
from each other. An applet firewall prevents one applet from accessing the contents or 
behavior of objects owned by other applets."), the context barrier configured to control 
object-oriented access of a program module (applet) executing in one context to 
information (object) and/or a program module (applet) executing in another context (pg. 
2, "However, Java Card provides facilities to support more sophisticated scenarios in 
which multiple applets can discover each other, communicate, and share data in a
limited manner, while still maintaining protection from each other in the form of a firewall 
between applets."), the context barrier further configured to prevent the access if the 
access is unauthorized (pg. 7, "If an applet does not have sharing privileges for an 
object, any attempt to invoke an instance method or access the object's contents will 
throw a Security Exception...") and enable the access if the access is authorized (via 
Unrestricted Sharing or Restricted Sharing) (pg. 8). However, SUN does not explicitly 
mention that the device has memory and that the context barrier uses the memory. It is 
well known to one of ordinary skill in the art that a device has memory and therefore 
obvious that the device would have memory for storing program modules and other 
functionalities of the device such that the firewall protects these memory regions from 
being accessed. 

As to claim 37, reference is made to a method that corresponds to the device of 
claim 1 and is therefore met by the rejection of claim 1 above. However, claim 37 
further details the device includes a processing machine wherein the program modules 
are executed on. It is obvious that the processing element (virtual machine) of claim 1 
is the processing machine of claim 37. 

As to claims 52 and 53, reference is made to a computer program product that 
corresponds to the device of claim 1 and is therefore met by the rejection of claim 1 
above. 

As to claims 54 and 55, refer to claims 52 and 53 for rejection. However, claim
54 further details separating a plurality of programs on a small footprint device. SUN 
teaches separating a plurality of programs (applets) on a small footprint device (pg. 2, 
"However, Java Card provides facilities to support more sophisticated scenarios in 
which multiple applets can discover each other, communicate, and share data in a 
limited manner, while still maintaining protection from each other in the form of a firewall 
between applets."). 

As to claim 56, reference is made to a computer wave that corresponds to the 
device of claim 1 and is therefore met by the rejection of claim 1 above. 

As to claim 57, refer to claim 56 for rejection. However, claim 57 further details 
separating a plurality of programs on a small footprint device. SUN teaches separating 
a plurality of programs (applets) on a small footprint device (pg. 2, "However, Java Card 
provides facilities to support more sophisticated scenarios in which multiple applets can 
discover each other, communicate, and share data in a limited manner, while still 
maintaining protection from each other in the form of a firewall between applets."). 

As to claim 58, refer to claim 1 for rejection. However, claim 58 further details 
the shipping of a code over a network from a server wherein the code is instructions for 
separating a plurality of programs on a small footprint device. It is obvious that the 
firewall has program code in order to function on the java card system. However, SUN
does not teach that the code is sent over a communications link. It is well known to one 
of ordinary skill in the art that computer code is downloaded from a developer system or 
server system to an implementation system or client system. Therefore, it is obvious to 
one skilled in the art at the time of the invention that the carrier wave code of the firewall 
is shipped or downloaded from a server system to a client system to be implemented. 

As to claims 25 and 26, SUN teaches the processing element is a virtual 
machine on a card system (virtual machine) (pg. 3, Lifetime of the Virtual Machine). 
However, SUN does not teach that the virtual machine runs on a processor or an 
operating system. It is well known to a person of ordinary skill in the art that a virtual 
machine runs on a processor or an operating system and therefore obvious that the 
virtual machine of Sun runs on a processor or an operating system. 

As to claims 29 and 30, SUN teaches that each applet has its own context 
(Applet execution context) (pg. vii, Terminology). It is well known to a person of 
ordinary skill in the art that an execution context has a memory space or name space. 
Therefore, it is obvious that the applets have their separate memory spaces or name 
spaces for each applet's execution.

As to claim 31, SUN teaches the program modules are a plurality of applets (pg.
2, Applet Design Concepts). 

As to claim 32, SUN teaches the context barrier (applet firewall) prevents access
from a principal (applet) in one context to an object in a different context (applet) (pg. 7,
Applet Isolation and Object Sharing, "An applet firewall prevents one applet from
accessing the contents or behavior of objects owned by other applets."; pg. 2, Multiple
Applets, "However, Java Card provides ... in which multiple applets can discover each
other, communicate, and share data in a limited manner, while still maintaining 
protection from each other in the form of a firewall between applets."). It is obvious to 
one skilled in the art at the time of the invention that since the context barrier prevents 
object access to an applet not owning the objects (pg. 7) that the context barrier 
enforces a security check on the applet accessing of the object. 

As to claims 35, 36, 41-43, it is obvious that since the context barrier prevents
object access to an applet not owning the objects (pg. 7) that the context barrier
enforces a security check of the principal accessing the object. Also, it is obvious since
the firewall only allows the owning applet to access its objects (pg. 7, The owning applet 
always has full privileges to use and modify the object.), that the check must involve 
whether the applet and object are part of the same execution context, i.e. same name 
space or memory space agreement. 

As to claim 38, SUN teaches small footprint device (Java Card) implements a 
virtual machine (Java virtual machine) (pg. 3, Lifetime of the Virtual Machine). It is 
obvious to one skilled in the art at the time of the invention that since the context barrier
(applet firewall) runs on the system having a virtual machine that it is implemented using 
a virtual machine. 

As to claims 44-51, SUN teaches that an applet is allowed access to another 
applet and its objects through the applet firewall (exceptions to this restriction) when 
they are not part of the same context if the principal is authorized to perform the action, 
via the JRCE (pg. 7-8, Applet Isolation and Object Sharing) wherein the principal applet 
context switches to the recipient applet to invoke the method. It would be obvious that 
the applet performs a security check to determine the execution context. It is also 
obvious that the receiving applet invokes another applet for its objects. 

Response to Arguments 

3. Applicant's arguments filed 6/10/03 have been fully considered but they are not 
persuasive. Applicant argues that in regards to all amended claims the cited art does 
not teach or suggest all claim limitations. Applicant states that the invention deals with 
object-based access and states the prior art objects as performing code based access 
as the difference in not teaching or suggesting all of the claim limitations. However, the
examiner cannot find any disclosure within the cited art that the access is code based. 
Sun teaches that applets are objects (pg. 2) and the applet firewall prevents one applet 
from accessing the contents or behavior of objects owned by other applets and that it 
maintains the protection of applets (pg. 2 and 7). Hence, the communication between 
an applet and an object is from one object to another. Furthermore, as detailed by
Applicant in defining what a class and an object are, objects are themselves object 
oriented programming code that is structured in a class. Therefore, the objects are 
code-based also. 

Applicant then points out to other limitations in the specification as to showing the 
difference in the prior art to the invention. For instance in the specification at page 11,
lines 16-20, and the appendix of the application. However, under the M.P.E.P. 2111 
practice, the examiner is giving the broadest possible interpretation in examining the 
claims. Any limitations in the cited portions that are not explicitly detailed in the claims as
written should not be argued since these limitations were never part of the claim. 

Applicant argues that the security checks may use the identity of the principal, 
the identity of the entity, and/or the type of action, but no mention is made of basing the 
security check on the applet code. The examiner disagrees. The examiner has 
assumed that Applicant is basing these arguments to dependent claims 32, 35, 36, and 
41-51. In reviewing those claims, Applicant indicates that the program modules
comprise at least one of a principal or an object and the context barrier enforces 
security checks on at least one of a principal, an object, and an action. The examiner 
has mapped the program modules to the applet and since the applet is accessing an 
object it is a principal. The prior art clearly states that the applet firewall ensures that no 
other applet may use, access, or modify the contents of an object owned by another 
applet except as described in this section. Therefore, there must be a security check on 
either the principal or the access action in order for the firewall to allow an applet to
access, use, or modify the contents of an object. 

Therefore, since the prior art still meets the claims as disclosed the rejection is 
maintained. 

Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Lewis A. Bullock, Jr. whose telephone number is (703) 
305-0439. The examiner can normally be reached on Monday-Friday, 8:30 am - 5:00 
pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John A Follansbee can be reached on (703) 305-8498. The fax phone 
numbers for the organization where this application or proceeding is assigned are (703) 
746-7239 for regular communications and (703) 746-7238 for After Final
communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703)
305-0286.



lab 

July 23, 2003 




